rsigma 0.18.0

CLI for parsing, validating, linting and evaluating Sigma detection rules
{
  "name": "SigmaHQ baseline (test fixture)",
  "versions": { "attack": "16", "navigator": "4.8.1", "layer": "4.4" },
  "domain": "enterprise-attack",
  "techniques": [
    { "techniqueID": "T1059", "score": 5 },
    { "techniqueID": "T1047", "score": 2 },
    { "techniqueID": "T1566", "score": 1 },
    { "techniqueID": "T1003", "score": 3 }
  ]
}